top of page
ISSP Threat Hunting

Threat Hunting &
Anomaly Detection

A Managed Security Service provided by ISSP SOC, designed to meet advanced requirements for information security incident management and to ensure operational cybersecurity within organizations.

Empower Your Defense with ISSP SOC

The service employs best practices in identifying known information security threats and discovering unknown threats by utilizing behavioral analysis to detect anomalies.

Proactive Security

Stay ahead of threats by identifying known and unknown risks through behavioral analysis



Detect and respond to potential security threats in their early stages of development

Enhanced Visibility

Gain insights into abnormal behaviors and potential risks in your systems

Transforming Challenges into Opportunities

ISSP SOC's service transforms these pain points into opportunities for proactive defense.

Undetected Risks

Rapidly Changing Tactics

Overwhelmed Security Teams


Visit our Cybersecurity Hub for SMEs

Service Features: How It Works

As part of the ISSP SOC Threat Hunting service, SOC analysts monitor customer endpoints in-depth to detect both known and unknown information security threats. This is achieved by installing specialized Agents on the monitored systems, which collect detailed information about system operations and user activities, and then send this data to the ISSP SOC cloud for analysis.

ISSP Threat Hunting benefits

Monitoring Directions

Within the scope of this service, the primary focus is on monitoring the following event categories:

ISSP Threat Hunting see's deep inside the attack surface


The use of known tactics, techniques, and procedures by adversaries according to the MITRE ATT&CK framework.


The emergence of known indicators of compromise (IoCs), which may signal potential threats.


Deviations from normal functioning (anomalies) in user behavior and endpoint systems based on key parameters, characterizing abnormal behavior and identifying unknown or disguised threats.


Critical events in existing information security defense systems that operate on the principle of signature analysis (antivirus, intrusion detection systems).

Standard Collaboration Framework between Client Roles and ISSP SOC 

The integration with the service is achieved by deploying an agent on the client's workstations and servers, compatible with Windows, Linux, and MacOS operating systems. This agent communicates directly with the ISSP SOC monitoring system, allowing for the secure collection of supplementary telemetry data from endpoints, even those situated outside the client's corporate network, via a secure protocol. 

An optional component consists of a gateway/server equipped with connectors that facilitate the remote gathering of audit logs from the client's security infrastructure, encompassing both on-premise and cloud services. The remaining components of the monitoring system are housed within the ISSP SOC cloud-based data processing center, situated in the European Amazon AWS tenant. 

Secure communication between the connector server and the monitoring system is maintained through a secure protocol. 

How Threat Hunting works
  • What is the Penetration Testing?
    A Penetration Test also known as a Pentest is a professional cybersecurity assessment that emulates the attacker's technics in compromising the target infrastructure. By holding a Pentest, you would practically define the weakest points of your infrastructure and be equipped with actionable information on mitigating discovered vulnerabilities and threats. Today, Pentest is considered to be one of the universal type of cybersecurity assessments, which proofs to third-parties that you care about your security.
  • How do I know that I need a Pentest?
    Top three reasons to start planning a Pentest: 1) If you have never carried out a Pentest or had one a long time ago, there are no doubts that it would be beneficial to plan an assessment now. 2) Most regulators and compliance standards in cybersecurity require to have a Pentest at least on the annual basis 3) If you have just made significant changes in your IT infrastructure, the vulnerability landscape should have significantly changed and you should update your awareness
  • How to define the cost per Pentest engagement?
    Once you defined that you need a Pentest, you would already know the key drivers and infrastructure elements a Pentester should focus on. A qualitative Pentest engagement is always a manually handcrafted piece of work, which utilizes tens and hundreds of special tools and services to maximize the vulnerability detection rate. Essentially, the cost structure for the Pentest is assembled from the certified ethical hacker's efforts and the tools, which are used for the particular engagement. For Enterprises the rule of thumb is that a Pentest engagement during the year shall not exceed 10% of the IT budget, while for SMEs these costs could be more significant compared to usual spending for IT. The best way to define the exact cost is to define the goals and develop a technical scope jointly with a Penetration Testing team of your choice.
  • What You Get in the Report?
    Your penetration testing report will contain: An Executive Summary for key decision-makers with no technical background, containing high-level results and what needs to be fixed immediately A Technical Summary with specific findings A description of successful attack vectors, demonstrating what vulnerabilities were exploited (and how) to penetrate the infrastructure Recommendations for remediation and risk management
  • When you need penetration testing?
    You had a breach, recovered, and now want to outline other possible attack scenarios You are about to release a major upgrade to your web app or you have developed your first mobile app and are about to launch it on the App Store or Google Play Store Your IT infrastructure was heavily rebuilt after you switched to working from home and needs to be assessed To win a deal, your client/partner/investor demands that you demonstrate cybersecurity compliance A regulator requests that you regularly perform pentesting Your most recent pentests were all delivered by your current service provider, so it’s a good time to change the attacker’s view and double-check previous results You want to start taking care of cybersecurity, and pentesting is an easy way to start
Anchor 1

Ready to Request a Quote? 
Contact Us!

Tell us a little about yourself, and we'll be in touch right away!

Thanks for submitting!

bottom of page